Author: geissert Date: 2012-08-25 22:50:23 +0000 (Sat, 25 Aug 2012) New Revision: 20032 Modified: data/CVE/list Log: old imp4 (horde) and mysql issues, NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-08-25 22:27:15 UTC (rev 20031) +++ data/CVE/list 2012-08-25 22:50:23 UTC (rev 20032) @@ -3129,7 +3129,7 @@ CVE-2012-3253 RESERVED CVE-2012-3252 (Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 ...) - TODO: check + NOT-FOR-US: HP Serviceguard CVE-2012-3251 (Cross-site scripting (XSS) vulnerability in HP Service Manager Web ...) NOT-FOR-US: HP Service Manager CVE-2012-3250 (Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and ...) @@ -3666,9 +3666,9 @@ CVE-2012-2987 RESERVED CVE-2012-2986 (lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN ...) - TODO: check + NOT-FOR-US: HP Virtual SAN Appliance CVE-2012-2985 (Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in ...) - TODO: check + NOT-FOR-US: CuteSoft Cute Editor CVE-2012-2984 RESERVED CVE-2012-2983 @@ -3678,7 +3678,7 @@ CVE-2012-2981 RESERVED CVE-2012-2980 (The Samsung and HTC onTouchEvent method implementation for Android on ...) - TODO: check + NOT-FOR-US: Samsung and HTC Android CVE-2012-2979 [VU#517036: NSD 3.2.13 emergency release] RESERVED - nsd3 <not-affected> (Debian version not affected) @@ -5214,7 +5214,7 @@ RESERVED - linux <unfixed> CVE-2012-2371 (Cross-site scripting (XSS) vulnerability in index.php in the ...) - TODO: check + NOT-FOR-US: WP-FaceThumb plugin for WordPress CVE-2012-2370 (Multiple integer overflows in the read_bitmap_file_data function in ...) - gdk-pixbuf 2.26.1-1 (low) CVE-2012-2369 (Format string vulnerability in the log_message_cb function in ...) 
@@ -5663,7 +5663,7 @@ CVE-2012-2191 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM ...) NOT-FOR-US: IBM Global Security Kit CVE-2012-2190 (IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2012-2189 RESERVED CVE-2012-2188 (IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, ...) @@ -6406,7 +6406,7 @@ CVE-2012-1909 (The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, ...) - bitcoin 0.6.0-1 CVE-2012-1908 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 ...) - TODO: check + NOT-FOR-US: Splunk CVE-2012-1907 (The scanner engine in PrivaWall Antivirus 5.6 and earlier does not ...) NOT-FOR-US: PrivaWall Antivirus CVE-2012-1906 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet ...) @@ -6560,7 +6560,7 @@ {DSA-2448-1} - inspircd 2.0.5-0.1 (bug #667914) CVE-2012-1835 (Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One ...) - TODO: check + NOT-FOR-US: All-in-One Event Calendar plugin for WordPress CVE-2012-1834 RESERVED CVE-2012-1833 @@ -7148,7 +7148,7 @@ CVE-2012-1598 RESERVED CVE-2012-1597 (Cross-site scripting (XSS) vulnerability in the textEncode function in ...) - TODO: check + NOT-FOR-US: eZ Publish CVE-2012-1596 (The mp2t_process_fragmented_payload function in ...) - wireshark 1.6.6-1 (unimportant; bug #666058) NOTE: Not suitable for code injection 
@@ -9302,11 +9302,11 @@ CVE-2012-0714 RESERVED CVE-2012-0713 (Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2012-0712 (The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 ...) NOT-FOR-US: IBM DB2 CVE-2012-0711 (Integer signedness error in the db2dasrrm process in the DB2 ...) - NOT-FOR-US: DB2 + NOT-FOR-US: IBM DB2 CVE-2012-0710 (IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 ...) NOT-FOR-US: IBM DB2 CVE-2012-0709 (IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not ...) @@ -9398,7 +9398,7 @@ CVE-2012-0682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) - webkit <undetermined> CVE-2012-0681 (Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all ...) - TODO: check + NOT-FOR-US: Apple Remote Desktop CVE-2012-0680 (Apple Safari before 6.0 does not properly handle the autocomplete ...) NOT-FOR-US: Apple Safari CVE-2012-0679 (Apple Safari before 6.0 allows remote attackers to read arbitrary ...) @@ -21437,6 +21437,7 @@ CVE-2011-1555 (SQL injection vulnerability in saa.php in Andy''s PHP Knowledgebase ...) NOT-FOR-US: Aphpkb CVE-2010-4778 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + - imp4 <removed> TODO: check CVE-2011-1554 (Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before ...) {DSA-2388-1} @@ -26534,6 +26535,7 @@ CVE-2009-5027 RESERVED CVE-2009-5026 (The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x ...) + - mysql-5.1 <removed> TODO: check CVE-2009-5025 [PyForum XSS+CSRF] RESERVED 
@@ -29143,13 +29145,13 @@ CVE-2010-3601 (SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows ...) NOT-FOR-US: ibPhotohost CVE-2010-3499 (F-Secure Anti-Virus does not properly interact with the processing of ...) - TODO: check + NOT-FOR-US: F-Secure Anti-Virus CVE-2010-3498 (AVG Anti-Virus does not properly interact with the processing of ...) - TODO: check + NOT-FOR-US: AVG Anti-Virus CVE-2010-3497 (Symantec Norton AntiVirus 2011 does not properly interact with the ...) - TODO: check + NOT-FOR-US: Symantec Norton AntiVirus CVE-2010-3496 (McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact ...) - TODO: check + NOT-FOR-US: McAfee VirusScan Enterprise CVE-2010-3495 (Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) ...) - zodb 3.9.4-1.1 (bug #599711) CVE-2010-3494 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib ...)
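Review bot: In the @@ -5663,7 +5663,7 @@ hunk, CVE-2012-2190 is tagged "NOT-FOR-US: IBM WebSphere Application Server", while the visible part of its description names "IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server", and the context line just above tags CVE-2012-2191 as "NOT-FOR-US: IBM Global Security Kit". Using the same product string for both GSKit entries would keep the two consistent for anyone grepping the list by NOT-FOR-US name.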
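Review bot: The CVE-2012-0711 change in the @@ -9302,11 +9302,11 @@ hunk is a rename of an existing tag ("NOT-FOR-US: DB2" to "NOT-FOR-US: IBM DB2"), not new triage, and the log message does not mention it. The normalization matches the neighbouring IBM DB2 entries and is fine, but a word in the log such as "normalize DB2 naming" would make the intent clear when reading history.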
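Review bot: In the @@ -21437,6 +21437,7 @@ hunk, CVE-2010-4778 gains "- imp4 <removed>" but the "TODO: check" line under it is left in place, so the entry still reads as untriaged. If the imp4 attribution is settled, drop the TODO in the same commit; if something is still open, replace the generic TODO with a NOTE that says what remains to be checked.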
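Review bot: In the @@ -26534,6 +26535,7 @@ hunk, the CVE-2009-5026 description covers "MySQL 5.0.x before 5.0.93 and 5.1.x", but only "- mysql-5.1 <removed>" is added and "TODO: check" stays. Either add the matching entry for the 5.0 source package or turn the TODO into a NOTE stating that the 5.0 series still needs checking, so the open item is specific rather than generic.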